<?php
/* -------------------------------------------------------------------------------------
* 	ID:						$Id: login_offline.php 179 2013-09-22 07:55:59Z phone.mueller@googlemail.com $
* 	Letzter Stand:			$Revision: 179 $
* 	zuletzt geaendert von:	$Author: siekiera $
* 	Datum:					$Date: 2013-09-22 07:55:59 +0000 (Sun, 22 Sep 2013) $
*
* 	SEO:mercari by Siekiera Media
* 	http://www.seo-mercari.de
*
* 	Copyright (c) since 2011 SEO:mercari
* --------------------------------------------------------------------------------------
* 	based on:
* 	(c) 2000-2001 The Exchange Project  (earlier name of osCommerce)
* 	(c) 2002-2003 osCommerce - www.oscommerce.com
* 	(c) 2003     nextcommerce - www.nextcommerce.org
* 	(c) 2005     xt:Commerce - www.xt-commerce.com
*
* 	Released under the GNU General Public License
* ----------------------------------------------------------------------------------- */

include('includes/application_top.php');

if(isset($_SESSION['customer_id']))
	redirect(href_link(FILENAME_DEFAULT, '', 'SSL'));

$smarty = new Smarty();

require_once(DIR_FS_INC.'inc.validate_password.php');
require_once(DIR_FS_INC.'inc.write_user_info.php');

if($session_started == false)
	redirect(href_link(FILENAME_COOKIE_USAGE));

if(isset($_GET['action']) && ($_GET['action'] == 'process')) {
	$email_address = $_POST['email_address'];
	$password = $_POST['password'];

    $check_customer = $db->db_query("SELECT
										customers_id,
										customers_cid,
										customers_vat_id,
										customers_firstname,
										customers_lastname,
										customers_gender,
										customers_password,
										customers_email_address,
										customers_default_address_id,
										login_tries,
										login_time
									FROM 
										".TABLE_CUSTOMERS."
									WHERE
										customers_email_address = '".$email_address."'
									AND 
										account_type = '0'");
    if (!$check_customer->_numOfRows) {
	    $_GET['login'] = 'fail';
	    $info_message = TEXT_NO_EMAIL_ADDRESS_FOUND;
		$smarty->assign('BUTTON_LOGIN', image_submit('button_login.gif', IMAGE_BUTTON_LOGIN));
		
    } else {
        $login_success = true;
		$blocktime = LOGIN_TIME;
		$time = time();
		$logintime = strtotime($check_customer->fields['login_time']);
		$difference = $time - $logintime;
		$login_tries = $check_customer->fields['login_tries'];

		if(($_POST['security_code'] != $_SESSION['security_code_login']) || (!empty($_SESSION['security_code_login']) && empty($_POST['security_code']))) {
			$info_message = TEXT_WRONG_CODE;
			$db->db_query("UPDATE ".TABLE_CUSTOMERS." SET login_tries = login_tries+1, login_time = now() WHERE customers_email_address = ".$db->db_prepare($email_address));
			$login_success = false;

		} elseif (!validate_password($password, $check_customer->fields['customers_password'])) {
			$_GET['login'] = 'fail';
			$info_message = TEXT_LOGIN_ERROR;
			$db->db_query("UPDATE ".TABLE_CUSTOMERS." SET login_tries = login_tries+1, login_time = now() WHERE customers_email_address = ". $db->db_prepare($email_address));
			$login_success = false;
		}

       	if(($login_tries >= LOGIN_NUM && $difference < $blocktime) || ($_POST['security_code'] != $_SESSION['security_code_login'])) {
       		$captcha_site = '_loginoffline';
       		include('captcha.php');
			$smarty->assign('VVIMG', '<img width="200" height="70" src="captcha.php?show=true&name=loginoffline" alt="Captcha" id="captcha_image" /> ');
			$smarty->assign('INPUT_CAPTCHA', draw_input_field('security_code', '', 'size="6" maxlength="6" style="width:25px; text-align:center" id="security_code"', 'text', false));
			$smarty->assign('BUTTON_LOGIN', image_submit('button_login.gif', IMAGE_BUTTON_LOGIN, 'id="login_button"'));
       	} else
			$smarty->assign('BUTTON_LOGIN', image_submit('button_login.gif', IMAGE_BUTTON_LOGIN));

		if($login_success) {
			$db->db_query("UPDATE ".TABLE_CUSTOMERS." SET login_tries = 0, login_time = now() WHERE customers_email_address = ".$db->db_prepare($email_address));
				
			if(SESSION_RECREATE == 'True')
				session_recreate();

			$check_country = $db->db_query("SELECT 
												entry_country_id, entry_zone_id 
											FROM 
												".TABLE_ADDRESS_BOOK." 
											WHERE 
												customers_id = '".(int) $check_customer->fields['customers_id']."' 
											AND 
												address_book_id = '".$check_customer->fields['customers_default_address_id']."'");

			$_SESSION['customer_gender'] = $check_customer->fields['customers_gender'];
			$_SESSION['customer_first_name'] = $check_customer->fields['customers_firstname'];
			$_SESSION['customer_last_name'] = $check_customer->fields['customers_lastname'];
			$_SESSION['customer_id'] = $check_customer->fields['customers_id'];
			$_SESSION['customer_vat_id'] = $check_customer->fields['customers_vat_id'];
			$_SESSION['customer_default_address_id'] = $check_customer->fields['customers_default_address_id'];
			$_SESSION['customer_country_id'] = $check_country->fields['entry_country_id'];
			$_SESSION['customer_zone_id'] = $check_country->fields['entry_zone_id'];
			
			unset($_SESSION['security_code_loginoffline']);
			unset($_SESSION['captcha']);

			if($_SESSION['customer_id'] == '1' && AFTER_LOGIN == 'true')
				redirect(href_link('admin/start.php', '', 'SSL'));
			
			write_user_info((int)$_SESSION['customer_id']);
			$_SESSION['cart']->restore_contents();
			$_SESSION['wishList']->restore_contents();
			redirect(FILENAME_DEFAULT);
		}
	}
	
} else
	$smarty->assign('BUTTON_LOGIN', image_submit('button_login.gif', IMAGE_BUTTON_LOGIN));
	
$content_text = $db->db_query("SELECT content_heading, content_text FROM ".TABLE_CONTENT_MANAGER." WHERE content_group = '12' AND languages_id = '".(int)$_SESSION['languages_id']."' ");

require(DIR_WS_INCLUDES.'header.php');

$smarty->assign('info_message', $info_message);
$smarty->assign('HEADER_OFFLINE', $content_text->fields['content_heading']);
$smarty->assign('CONTENT_OFFLINE', $content_text->fields['content_text']);
$smarty->assign('FORM_ACTION', draw_form('login_offline', href_link(FILENAME_DOWN_FOR_MAINTENANCE_LOGIN, 'action=process', 'SSL')));
$smarty->assign('INPUT_MAIL', draw_input_field('email_address', BOX_EMAIL_VALUE));
$smarty->assign('INPUT_PASSWORD', draw_password_field('password'));
$smarty->assign('FORM_END', '</form>');
$smarty->assign('language', $_SESSION['language']);
$smarty->caching = false;
$smarty->loadFilter('output', 'note');
$smarty->loadFilter('output','trimwhitespace');
$smarty->display(CURRENT_TEMPLATE.'/module/login_offline.html');
include('includes/application_bottom.php');